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WHAT IS CLAIMED IS: 

1: A system fo\r enabling asynchronous 

authentication of a non-tpreauthenticated client -User 
means in a Kerberos domain {servicing multiple requesting 
non-preauthenticated clients while eliminating any delays 
due to multiple concurrent (authentication requests, said 
system comprising: 

(a) client -User I means (10) for requesting 
authentication frbm a client-server means (13)/ 

(b) client -sexrvWr means (13) for communicating 
with a Kerberjos server means (20) for 
developing a spjbcific set of credentials for 
said single cliekit requesting authentication; 



(c) said Kerfcferos server means (20) for 
developing ani asynchronous authentication 
response and a f Ticket Granting Service to said 
client-server ireans (13). 
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2: The system of Claim 1 wherein said client-User 

means (10) inc lude s : 



(al) multiple 
concurrently] 



client-Users who may 
seek authorization to utilize 



said client /server . 



3: The system of/ claim 1 wherein said Kerberos 

server means (20) includes: 

(cl) means to return an authentication 
response to said client-Server means; 

(c2) mefans to return a Ticket Granting 
Service signal to said client -server 
means/ 
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4 : The syst I 

server means include 
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of claim 1 wherein said client - 



(bl) communication means (MARC40, COMS42) 
for exchanging information between a 
requesting principal or client-User, a 
Master Control Program, a General Security 
Service I Library (6SS38), and a Kerberos 
Support iLibrary (KSL34 ) ; 

(b2) said Master Control Program (60) for 
controlling said communication means, said 
General Security Service Library and said 
Kerberos support Library (34); 

(b3) said) General Security Service Library 
(GSS38) providing multiple threads for 
handling inultiple concurrent requests for 
authentication; 

(b4) said | Kerberos Support Library (34) 
for developing and storing specific 
authentication credentials for each 
validated client-User authentication 
request 



5 : The system of claim 4 wherein said Kerberos 

Support Library (34) incliides: 



Kerberps 
an 

Ticket 
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(b4a) means for accessing said 
Server means (20) to acquire 
authentication response and a 
Granting Service. 
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6: A secure message transmission system in a 

Kerberos environment which permits a client-user to 
operate in a xietwork for authentication request 
transmittal and message response without suspending 
client service wh^n a Kerberos Server has not yet 
responded to an earlier request for an authentication 
message code signal,! said system comprising: 

(a) client|-terminal means (10) to indicate an 
original (request for validation of an 
authentication message signal from a Kerberos 
Server (20) 



(b) program 
control of 
for transm: 
Kerberos 



means (MARC 40 and COMS 42), under 
a Master Control Program (MCP60), 
tting requests for service to a 
Stipport Library (34), a General 



Security Service Library (38) and Kerberos 
Server (20) for the return of an authentication 
response message to said client terminal means 
(10) from credential information placed in said 
General Security Service Library; 

(c) means far enabling said Kerberos Support 
Library (2 4) to elicit authentication 
and Ticket Granting Service from 



information 



said Kerber as Server 



validating 



(20) 



r eden t i a 1 da t a 



for deposit as 
in said General 



Security Service Library (38). 
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7 : A methtod for asynchronous authentication of a 

non-preauthenticated originating terminal in a Kerberos 
domain, said authentication occurring without delay due 
to other concurrent requests for authentication by other 



terminals such 
method comprising 



4s client-Users 
the steps of: 



on ji: 



(a) 
for 
terminal 



and principals, said 



nating a request, to a client-server, 
authentication by a non-preauthenticated 



(b) processing said originating request and 
other originating requests concurrently; 

(c) responding back asynchronously by said 
client-server to authenticate the validity of 
said original requesting terminal without any 
delays £Lue to other concurrent requests for 
authentication 
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8: The metjhod of claim 7 wherein step (a) includes 

the step of j 



(al) originating concurrent multiple requests 
for authentication from multiple client-Users 
and principals. 



9: The method 

the steps of: 



of claim 7 wherein step (b) includes 



(bl ) develc ping 



credentials 



<b2) 
terminal 



a synch ronously 



for 



set of identifying 



for said originating terminal; 



validating said originating 
use of a Kerberos domain. 
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10: The method of 

includes the steps of: 
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cla 



10 



15 



20 



25 



30 



control of 
(MCP60), a 
(34), and 
credentials 



m 9 wherein step (bl) 



(bla) requesting, via a communication 
CMijRC 40, COM942), under 
a Master Control Program 
Kerberos Support Library 
n Kerberos Server (20) for 
and a session key; 



(bib) creating a credential structure 
by said Kerberos Support Library (34) 
to identify) said originating terminal 
and provide a Ticket Granting 
Service; 

generating j 



(blc) 
Security 
a Name- 
that 

terminal to 
Kerberos 



by a General 
Selrvice Library (GSS 38), of 
Handle and GSS Credential Tag 
identifies the originating 
said GSS (38) and to said 
Library (34); 



Su ?Port 

(bid) gene] rating a message, by said 
Kerberos Sfupport Library (34), to 
communication means (MARC 
that the Kerberos 
cycle has been 



inform sai 
40, COMS42) 
au t hent i c at i on 



successfully completed « 
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11: The method 

includes the steps 
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of claim 



wherein step ( bl ) 



(bla) \processing concurrent authentication 
requests via multi- threaded processing 
means tlo develop a specific credential for 
each originating terminal; 

(bib) | conveying said first completed 
authentication request to said Kerberos 
Support} Library (34) and said 

communidation means (MARC 40, COMS42). 



12: The method of \ claim 7 wherein step (c) includes 

the steps of: 

(cl) utilizing! said communication means (MARC 
40, COMS42) Ito transmit an authentication 
signal from satLd Kerberos Support Library (34) 
to said originating terminal. 
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13: 
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In a network wherein multiple client-terminals 



communicate with a 
Support Library 
communications mea: 



lient-server (13), having a Kerberos 
(34), and communicate with a 
( MARC 4 0 , COMS 42), a General 
Security Service Library (38) and said client-server for 
accessing response / information from a Kerberos server 



10 



(20), a method for 
to receive an 
a synchr onou sly f r on . 
the steps of: 



enabling a requesting client -terminal 
authentication response message 
said Kerberos Server (20) comprising 



(a) initiating an authentication command 



request 



>y a requesting client -terminal; 



15 



20 



25 



(b) utilizing a communication management 
system, under control at a Master Control 
Program (MCP60 ) , using a communication means 
having a communication management program (COMS 
42) and menu assisted resource control program 
(MARC 4f>) to communicate said command request 
to said I Kerberos Server (20) via said Kerberos 
Support J Library (34) and to receive a Kerberos 
response message for credential processing by 
said General Security Services Library (38) 
which is then conveyed by said communication 
means /(40, 42) to said requesting client- 
termindl . 
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14: 
of: 



The method. I of 'claim 13 which includes the step 

(c) Terminating the session between said 
client -terminal (10) and said Kerberos Support 
Library (34 J once the authentication request 
response has) been transmitted from said General 
Security Library (38), thus allowing said 
client -served (13) to process other 
authentication requests • 



15: The method | of 

includes the step of: 



claim 13 wherein step (b) 



(bl) initialing an error message by said 
Kerberos Support Library (34) when a failure in 
authentication has been recognized; 

(b2) requesting, via said error message, that 
said client-Terminal (b) should initiate a log- 
on. 



V 
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